JBoss allows us to configure data sources by using an xml file. For configuring a data source in JBoss view here.
An excerpt from the (Datasource)-ds.xml,
<jndi-name>StudentDB</jndi-name>
<connection-url>jdbc:odbc:mySource</connection-url>
<!-- The driver class -->
<driver-class>sun.jdbc.odbc.JdbcOdbcDriver</driver-class>
<!-- The login and password -->
<user-name>jagadesh</user-name>
<password>jagadesh</password>
For the above snippet, we can see that the username and password are provided in a plain text format. JBoss allows us to use security domains which help us in providing encrypted passwords in the place of plain text password. In this article we will see how we can encrypt a password and provide it in the place of plain text password and still use the Datasource. For this we will use security domain in login-config.xml.
Security Domain: security domains are an abstraction used to secure all the requests that are made to a component. These are bound to JNDI and configured at a server level. These security domains can be used by any component. These are bound under “Java:/jaas”.
I will use the Datasource configured in here.
So now we will generate an encrypted password for the password that we want to use for the Datasource, in order to do this execute the command passing the text [password to be used as an argument]
java -cp client/jboss-logging-spi.jar; common/lib/jbosssx.jar org.jboss.resource.security. SecureIde
ntityLoginModule jagadesh
ntityLoginModule jagadesh
Encoded password: 7b228572f1d62ebcdf8592078de921
We got the encrypted password. So now we will configure a security domain with the username and password defined in it. We will use the default login-config.xml file available in
JBoss_Home/serer instance/conf/
The security domain that we configure looks like,
<application-policy name="DatasourcePassword">
<authentication>
<login-module code="org.jboss.resource.security.SecureIdentityLoginModule" flag="required">
<module-option name="username">jagadesh</module-option>
<module-option name="password">7b228572f1d62ebcdf8592078de921bc</module-option>
</login-module>
</authentication>
</application-policy>
<authentication>
<login-module code="org.jboss.resource.security.SecureIdentityLoginModule" flag="required">
<module-option name="username">jagadesh</module-option>
<module-option name="password">7b228572f1d62ebcdf8592078de921bc</module-option>
</login-module>
</authentication>
</application-policy>
Let’s move through the parts,
Application-policy: defines a security domain
name: name of the security domain [JBoss uses this name to generate a Jndi context with which it binds the security domain into JNDI]
login-module: login modules know how to load data from property files, database or an Ldap server for checking the credentials provided by the application. Code specifies the class of the login module implementation.
So now we have configured the security domain in login-config.xml file. Once this is done restart the server.
Not the final step, we will be using this security domain in our Datasource file, the code looks like this,
<datasources>
<local-tx-datasource>
<jndi-name>StudentDB</jndi-name>
<connection-url>jdbc:odbc:mySource</connection-url>
<driver-class>sun.jdbc.odbc.JdbcOdbcDriver</driver-class>
<!--
<user-name>jagadesh</user-name>
<password>jagadesh</password>
<use-java-context>false</use-java-context>
-->
<local-tx-datasource>
<jndi-name>StudentDB</jndi-name>
<connection-url>jdbc:odbc:mySource</connection-url>
<driver-class>sun.jdbc.odbc.JdbcOdbcDriver</driver-class>
<!--
<user-name>jagadesh</user-name>
<password>jagadesh</password>
<use-java-context>false</use-java-context>
-->
//The user Name and Password are commented
<exception-sorter-class-name>org.jboss.resource.adapter.jdbc.vendor.MySQLExceptionSorter</exception-sorter-class-name>
<!-- should only be used on drivers after 3.22.1 with "ping" support
<valid-connection-checker-class-name>org.jboss.resource.adapter.jdbc.vendor.MySQLValidConnectionChecker</valid-connection-checker-class-name>
-->
<!-- sql to call when connection is created
<new-connection-sql>some arbitrary sql</new-connection-sql>
-->
<!-- sql to call on an existing pooled connection when it is obtained from pool - MySQLValidConnectionChecker is preferred for newer drivers
<check-valid-connection-sql>some arbitrary sql</check-valid-connection-sql>
-->
<!-- corresponding type-mapping in the standardjbosscmp-jdbc.xml (optional) -->
<!--
<Resource name="jdbc/StudentDB" auth="Container"
type="javax.sql.DataSource" username="jagadesh" password="jagadesh"
driverClassName="sun.jdbc.odbc.JdbcOdbcDriver" url="jdbc:odbc:mySource"
maxActive="8" maxIdle="4"/>
-->
<security-domain>DatasourcePassword</security-domain>
//Security Domain was added here.
</local-tx-datasource>
</datasources>
<exception-sorter-class-name>org.jboss.resource.adapter.jdbc.vendor.MySQLExceptionSorter</exception-sorter-class-name>
<!-- should only be used on drivers after 3.22.1 with "ping" support
<valid-connection-checker-class-name>org.jboss.resource.adapter.jdbc.vendor.MySQLValidConnectionChecker</valid-connection-checker-class-name>
-->
<!-- sql to call when connection is created
<new-connection-sql>some arbitrary sql</new-connection-sql>
-->
<!-- sql to call on an existing pooled connection when it is obtained from pool - MySQLValidConnectionChecker is preferred for newer drivers
<check-valid-connection-sql>some arbitrary sql</check-valid-connection-sql>
-->
<!-- corresponding type-mapping in the standardjbosscmp-jdbc.xml (optional) -->
<!--
<Resource name="jdbc/StudentDB" auth="Container"
type="javax.sql.DataSource" username="jagadesh" password="jagadesh"
driverClassName="sun.jdbc.odbc.JdbcOdbcDriver" url="jdbc:odbc:mySource"
maxActive="8" maxIdle="4"/>
-->
<security-domain>DatasourcePassword</security-domain>
//Security Domain was added here.
</local-tx-datasource>
</datasources>
So once your (Datasource)-ds.xml file is done .copy that to the deploy folder.
We can go to the console and test the connection.
Some more articles to come. So happy coding….
No comments :
Post a Comment